Fix XStream security
Problem to solve
Fix the "Security framework of XStream not initialized, XStream is probably vulnerable." warning that XStream prints at startup. XStream emits it when the instance has no type permissions configured, which means fromXML will instantiate any class named in the input; that is the condition behind XStream's deserialization CVEs, so the warning must be resolved by restricting the allowed types, not by silencing it.
Further details
https://x-stream.github.io/security.html
Proposal
import java.util.Collection;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

    XStream xstream = new XStream();
    // clear out existing permissions and set own ones
    // (adding NoTypePermission.NONE discards every permission registered so far,
    // including the permissive default, so nothing is deserializable until allowed below)
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics: null values, primitives and their boxed wrappers
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    // allow any Collection implementation (lists, sets, ...)
    xstream.allowTypeHierarchy(Collection.class);
    // allow any type from the same package as Blog (the application's own model classes)
    xstream.allowTypesByWildcard(new String[] {
        Blog.class.getPackage().getName() + ".*"
    });
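The following is an added, self-contained example of the proposal above, not code from the project or from the XStream documentation. It assumes a hypothetical domain class Post in a hypothetical package com.example.blog standing in for Blog, and a constructed XML payload naming java.util.Date to show what the allow-list rejects. It also allows java.lang.String explicitly, because PrimitiveTypePermission covers primitives and their wrappers only, and String elements inside a collection are resolved by name and would otherwise be refused.

```java
package com.example.blog;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

// Hypothetical model class standing in for the project's Blog class (assumption).
class Post {
    String title;
    int id;
    List<String> tags;
}

public class XStreamAllowListDemo {

    // Builds an XStream instance restricted to an explicit allow-list, as in the proposal.
    static XStream hardened() {
        XStream xstream = new XStream();
        xstream.alias("post", Post.class);
        // NoTypePermission.NONE clears every permission registered so far, so the
        // instance accepts nothing until the lines below allow it.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        // PRIMITIVES does not cover String; collection elements like <string> are
        // resolved by class name and therefore need an explicit permission.
        xstream.allowTypes(new Class[] { String.class });
        xstream.allowTypeHierarchy(Collection.class);
        // Every class in Post's package (here the hypothetical com.example.blog).
        xstream.allowTypesByWildcard(new String[] { Post.class.getPackage().getName() + ".*" });
        return xstream;
    }

    // Round trip: an application object still marshals and unmarshals under the allow-list.
    static Post roundTrip(XStream xstream) {
        Post post = new Post();
        post.title = "hello";
        post.id = 7;
        post.tags = new ArrayList<>(Arrays.asList("security", "xstream"));
        String xml = xstream.toXML(post);
        return (Post) xstream.fromXML(xml);
    }

    // Constructed payload whose root element names a class outside the allow-list.
    static final String FORBIDDEN_XML = "<java.util.Date>0</java.util.Date>";

    // True when the allow-list rejects the class name before any conversion runs.
    // ForbiddenClassException may surface directly or wrapped, so the cause chain is walked.
    static boolean rejectsForeignType(XStream xstream) {
        try {
            xstream.fromXML(FORBIDDEN_XML);
            return false;
        } catch (XStreamException e) {
            for (Throwable t = e; t != null; t = t.getCause()) {
                if (t instanceof ForbiddenClassException) {
                    return true;
                }
            }
            throw e;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardened();
        Post back = roundTrip(xstream);
        System.out.println("round trip: " + back.title + " #" + back.id + " " + back.tags);
        System.out.println("foreign type rejected: " + rejectsForeignType(xstream));
    }
}
```

Both checks in main are the ones worth keeping as unit tests: the round trip guards against an allow-list that is too narrow for the application's own types, and rejectsForeignType guards against a later change that silently widens it back to accepting arbitrary classes.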
What does success look like, and how can we measure that?
The XStream warning no longer appears at application startup, and a unit test confirms that the configured instance still deserializes the application's own model classes while fromXML on a document whose root names a class outside the allow-list (for example java.util.Date) throws ForbiddenClassException.